
Pests of all kinds and how to combat them: Windows 8 - avast! reports a threat because of Gutscheinfilter

14.11.2013, 14:12   #1
norschoriess
 



Hello to the whole team!

Since early this morning I have been getting a message every 10 - 15 minutes with the description:

URL: hxxp://f05e0362515f5125.srv.gutscheinfilter.de/?s
Infektion: URL:Mal.

Last night, around 2 - 3 in the morning, I carried out an upload, as happens every week. Whether that had / has any influence on the message that appears, I don't know.

I ask you for help. Thank you in advance for your efforts.

14.11.2013, 15:14   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)


14.11.2013, 21:18   #3
norschoriess
 



Thanks, schrauber, for the quick reply.

The following can be seen on the desktop:

1. FRST - Editor

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by romanoff (administrator) on NORSCHORIESS on 14-11-2013 16:04:45
Running from C:\Users\romanoff\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\GFilterSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Yontoo LLC) C:\Users\romanoff\AppData\Roaming\Yontoo\YontooDesktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-05] (Hewlett-Packard)
HKCU\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-03-09] (Google)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {da3d9ea1-2bb0-4b38-82ae-1f41f01db969} - No File
URLSearchHook: HKCU - (No Name) - {da3d9ea1-2bb0-4b38-82ae-1f41f01db969} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0BzzyDzyyDtA0AyE0D0AtB0DtN0D0Tzu0CyDtDyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=2070327415&ir=
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
SearchScopes: HKLM - {3D997360-C236-438F-95A0-27066D3656BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {5419E946-0E0C-0C69-E1A4-6B024BDC222B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKLM-x32 - {2F7BC6A4-31F7-2E15-1298-70284BE95684} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549266
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=HitachiXHTS545050A7E380_TE85113Q28MEUR28MEURX&ts=1383929348&type=default&q={searchTerms}
SearchScopes: HKLM-x32 - {3D997360-C236-438F-95A0-27066D3656BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0BzzyDzyyDtA0AyE0D0AtB0DtN0D0Tzu0CyDtDyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=2070327415&ir=
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CMNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=CE24A4173187BECF
SearchScopes: HKCU - {20FEF877-7BA3-4AC4-A1EE-5BB8D5800998} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {3D997360-C236-438F-95A0-27066D3656BF} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {5419E946-0E0C-0C69-E1A4-6B024BDC222B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2549266
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0BzzyDzyyDtA0AyE0D0AtB0DtN0D0Tzu0CyDtDyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1B1F1I1L1H1H1B1Q&cr=2070327415&ir=
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (SIEN)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
BHO-x32: No Name - {da3d9ea1-2bb0-4b38-82ae-1f41f01db969} -  No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - loadtbs - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\romanoff\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - No Name - {da3d9ea1-2bb0-4b38-82ae-1f41f01db969} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109
FF user.js: detected! => C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\user.js
FF Homepage: about:home
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @IObit.com/np_Asc_Plugin - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF SearchPlugin: C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\searchplugins\searchgol.xml
FF SearchPlugin: C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\ascsurfingprotection@iobit.com
FF Extension: DoNotTrackMe - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\donottrackplus@abine.com
FF Extension: Form History Control - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\formhistory@yahoo.com
FF Extension: Flagfox - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: BonanzaDeals - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF Extension: privateTab - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\privateTab@infocatcher.xpi
FF Extension: QuickPasswords - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\QuickPasswords@axelg.com.xpi
FF Extension: savedpasswordeditor - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\savedpasswordeditor@daniel.dawson.xpi
FF Extension: secureLogin - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\secureLogin@blueimp.net.xpi
FF Extension: simpletimer - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\simpletimer@grbradt.org.xpi
FF Extension: stefanvandamme - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\stefanvandamme@stefanvd.net.xpi
FF Extension: webbooster - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\webbooster@iminent.com.xpi
FF Extension: noscript - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\romanoff\AppData\Roaming\Mozilla\Firefox\Profiles\umqk16qz.default-1379229274109\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: priam_prefs - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (BonanzaDeals) - C:\Users\romanoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePluginFor6.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-08] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-08] (BonanzaDeals)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
R2 GFilterSvc; C:\Windows\System32\GFilterSvc.exe [119808 2013-03-03] ()
S3 GoogleDesktopManager-060409-093314; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-03-09] (Google)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2894144 2013-11-12] (Iminent)
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-07-10] (Wajam)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [1706136 2013-11-08] (Wsys Co., Ltd.)
R2 Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552 2013-05-17] (Microsoft)

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [277648 2013-07-08] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-29] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 16:04 - 2013-11-14 16:06 - 00023995 _____ C:\Users\romanoff\Downloads\FRST.txt
2013-11-14 16:03 - 2013-11-14 16:03 - 00000000 ____D C:\FRST
2013-11-14 16:01 - 2013-11-14 16:02 - 01957794 _____ (Farbar) C:\Users\romanoff\Downloads\FRST64.exe
2013-11-14 07:05 - 2013-11-14 07:05 - 30694824 _____ (Oracle Corporation) C:\Users\romanoff\Downloads\jre-7u45-windows-x64.exe
2013-11-14 01:22 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 01:22 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 01:08 - 2013-11-14 01:08 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-11-14 01:08 - 2013-11-14 01:08 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-14 01:08 - 2013-11-14 01:08 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 01:08 - 2013-11-14 01:08 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 01:08 - 2013-11-14 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 01:04 - 2013-11-14 15:02 - 00082551 _____ C:\Windows\WindowsUpdate.log
2013-11-13 23:25 - 2013-11-13 23:25 - 00000000 ____D C:\Users\romanoff\Downloads\OFFICE.97
2013-11-13 23:21 - 2013-11-13 23:22 - 00000000 ____D C:\Program Files\7-Zip
2013-11-13 23:20 - 2013-11-13 23:20 - 01376768 _____ C:\Users\romanoff\Downloads\7z920-x64.msi
2013-11-13 22:59 - 2013-11-13 23:00 - 206643160 _____ C:\Users\romanoff\Downloads\OFFICE.97.rar
2013-11-13 12:17 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-13 12:17 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:17 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-13 12:17 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:17 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:17 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:17 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:17 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 12:17 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 12:17 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 12:15 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 12:15 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 12:15 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 12:15 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 12:15 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 12:15 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 12:15 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 12:15 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 12:15 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 12:15 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 12:15 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 12:15 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 01:57 - 2013-11-13 14:01 - 00000000 ___RD C:\Users\romanoff\Google Drive
2013-11-13 01:54 - 2013-11-13 01:54 - 00819136 _____ (Google Inc.) C:\Users\romanoff\Downloads\googledrivesync.exe
2013-11-12 21:56 - 2013-11-12 21:56 - 00003509 _____ C:\Users\romanoff\Downloads\mail.html
2013-11-12 21:20 - 2013-11-12 21:20 - 00002729 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-12 21:20 - 2013-11-12 21:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-12 21:18 - 2013-11-12 21:18 - 01550496 _____ (Skype Technologies S.A.) C:\Users\romanoff\Downloads\SkypeSetup(1).exe
2013-11-12 16:11 - 2013-11-12 21:42 - 00000370 _____ C:\Windows\Tasks\HPCeeScheduleForromanoff.job
2013-11-12 16:11 - 2013-11-12 16:11 - 00003190 _____ C:\Windows\System32\Tasks\HPCeeScheduleForromanoff
2013-11-11 09:57 - 2013-11-11 09:57 - 00004679 _____ C:\Users\romanoff\Documents\AldiTalk.abw
2013-11-08 18:19 - 2013-11-14 00:02 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Skype
2013-11-08 18:18 - 2013-11-12 21:20 - 00000000 ____D C:\ProgramData\Skype
2013-11-08 18:16 - 2013-11-08 18:17 - 35060384 _____ (Skype Technologies S.A.) C:\Users\romanoff\Downloads\SkypeSetupFull6.10.60.104.exe
2013-11-08 17:50 - 2013-11-14 13:51 - 00000340 _____ C:\Windows\Tasks\UpdaterEX.job
2013-11-08 17:50 - 2013-11-14 01:23 - 00000000 ____D C:\ProgramData\eSafe
2013-11-08 17:50 - 2013-11-08 17:50 - 00002678 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-11-08 17:50 - 2013-11-08 17:50 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\UpdaterEX
2013-11-08 17:49 - 2013-11-14 14:54 - 00000956 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-11-08 17:49 - 2013-11-14 13:31 - 00000952 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-08 17:49 - 2013-11-08 17:59 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-08 17:49 - 2013-11-08 17:57 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Systweak
2013-11-08 17:49 - 2013-11-08 17:49 - 00003928 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-08 17:49 - 2013-11-08 17:49 - 00003692 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\Users\romanoff\AppData\Local\BonanzaDealsLive
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-08 17:48 - 2013-11-08 17:48 - 20586496 _____ C:\Users\romanoff\Downloads\SkypeSetup [1].exe
2013-11-08 17:48 - 2013-11-08 17:48 - 00003392 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-08 17:48 - 2013-11-08 17:48 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-08 17:48 - 2013-11-08 17:48 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-08 17:48 - 2013-09-17 11:25 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-11-08 17:47 - 2013-11-08 17:47 - 00683016 _____ C:\Users\romanoff\Downloads\SkypeSetup.exe
2013-11-05 23:06 - 2013-11-05 23:06 - 66445312 _____ C:\Windows\system32\config\SOFTWARE.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00208896 _____ C:\Windows\system32\config\DEFAULT.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00057344 _____ C:\Windows\system32\config\SAM.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2013-11-03 18:27 - 2013-11-03 18:27 - 23549776 _____ (Mozilla) C:\Users\romanoff\Downloads\WEB.DE_Firefox_Setup.exe
2013-10-22 01:39 - 2013-10-22 01:39 - 00281248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-20 16:08 - 2013-10-20 16:08 - 00000000 _____ C:\Users\romanoff\Documents\Neues Textdokument.txt
2013-10-18 07:53 - 2013-11-12 21:43 - 00000000 _____ C:\end

==================== One Month Modified Files and Folders =======

2013-11-14 16:06 - 2013-11-14 16:04 - 00023995 _____ C:\Users\romanoff\Downloads\FRST.txt
2013-11-14 16:03 - 2013-11-14 16:03 - 00000000 ____D C:\FRST
2013-11-14 16:02 - 2013-11-14 16:01 - 01957794 _____ (Farbar) C:\Users\romanoff\Downloads\FRST64.exe
2013-11-14 16:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-14 15:58 - 2012-08-10 17:45 - 00000821 _____ C:\Windows\SysWOW64\bscs.ini
2013-11-14 15:55 - 2012-12-15 10:26 - 00000528 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-14 15:55 - 2012-12-15 10:26 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-14 15:02 - 2013-11-14 01:04 - 00082551 _____ C:\Windows\WindowsUpdate.log
2013-11-14 14:54 - 2013-11-08 17:49 - 00000956 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-11-14 13:51 - 2013-11-08 17:50 - 00000340 _____ C:\Windows\Tasks\UpdaterEX.job
2013-11-14 13:49 - 2013-05-21 17:49 - 00000346 _____ C:\Windows\Tasks\MySearchDial.job
2013-11-14 13:40 - 2013-03-04 20:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 13:38 - 2012-08-17 20:13 - 00830120 _____ C:\Windows\system32\perfh007.dat
2013-11-14 13:38 - 2012-08-17 20:13 - 00188224 _____ C:\Windows\system32\perfc007.dat
2013-11-14 13:38 - 2012-07-26 08:28 - 01949368 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 13:33 - 2013-05-21 17:50 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Yontoo
2013-11-14 13:31 - 2013-11-08 17:49 - 00000952 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-14 13:31 - 2013-10-13 16:43 - 00000358 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-11-14 13:30 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 07:05 - 2013-11-14 07:05 - 30694824 _____ (Oracle Corporation) C:\Users\romanoff\Downloads\jre-7u45-windows-x64.exe
2013-11-14 01:23 - 2013-11-08 17:50 - 00000000 ____D C:\ProgramData\eSafe
2013-11-14 01:08 - 2013-11-14 01:08 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-11-14 01:08 - 2013-11-14 01:08 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-14 01:08 - 2013-11-14 01:08 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-11-14 01:08 - 2013-11-14 01:08 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-14 01:08 - 2013-11-14 01:08 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-14 01:08 - 2013-11-14 01:08 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-14 01:08 - 2013-11-14 01:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-14 01:02 - 2013-02-28 19:12 - 00000000 ____D C:\Users\romanoff
2013-11-14 00:04 - 2013-02-28 19:22 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-791015840-2656153920-2066263832-1002
2013-11-14 00:02 - 2013-11-08 18:19 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Skype
2013-11-13 23:59 - 2013-03-01 18:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 23:25 - 2013-11-13 23:25 - 00000000 ____D C:\Users\romanoff\Downloads\OFFICE.97
2013-11-13 23:22 - 2013-11-13 23:21 - 00000000 ____D C:\Program Files\7-Zip
2013-11-13 23:20 - 2013-11-13 23:20 - 01376768 _____ C:\Users\romanoff\Downloads\7z920-x64.msi
2013-11-13 23:12 - 2013-03-01 18:38 - 00000000 ____D C:\Users\romanoff\AppData\Local\Google
2013-11-13 23:00 - 2013-11-13 22:59 - 206643160 _____ C:\Users\romanoff\Downloads\OFFICE.97.rar
2013-11-13 14:01 - 2013-11-13 01:57 - 00000000 ___RD C:\Users\romanoff\Google Drive
2013-11-13 02:14 - 2013-09-25 20:12 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-13 01:54 - 2013-11-13 01:54 - 00819136 _____ (Google Inc.) C:\Users\romanoff\Downloads\googledrivesync.exe
2013-11-13 01:25 - 2013-06-16 11:00 - 00000452 _____ C:\Windows\Tasks\SpeedyPC Pro.job
2013-11-12 21:56 - 2013-11-12 21:56 - 00003509 _____ C:\Users\romanoff\Downloads\mail.html
2013-11-12 21:45 - 2013-04-20 14:20 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-11-12 21:43 - 2013-10-18 07:53 - 00000000 _____ C:\end
2013-11-12 21:42 - 2013-11-12 16:11 - 00000370 _____ C:\Windows\Tasks\HPCeeScheduleForromanoff.job
2013-11-12 21:20 - 2013-11-12 21:20 - 00002729 _____ C:\Users\Public\Desktop\Skype.lnk
2013-11-12 21:20 - 2013-11-12 21:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-12 21:20 - 2013-11-08 18:18 - 00000000 ____D C:\ProgramData\Skype
2013-11-12 21:18 - 2013-11-12 21:18 - 01550496 _____ (Skype Technologies S.A.) C:\Users\romanoff\Downloads\SkypeSetup(1).exe
2013-11-12 16:11 - 2013-11-12 16:11 - 00003190 _____ C:\Windows\System32\Tasks\HPCeeScheduleForromanoff
2013-11-11 11:33 - 2013-04-01 10:13 - 00000000 ____D C:\Users\romanoff\AbiSuite
2013-11-11 09:57 - 2013-11-11 09:57 - 00004679 _____ C:\Users\romanoff\Documents\AldiTalk.abw
2013-11-10 20:00 - 2013-06-16 19:33 - 00000434 _____ C:\Windows\Tasks\Wise Turbo Checker.job
2013-11-09 13:00 - 2013-03-09 10:14 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-09 12:59 - 2013-03-09 10:14 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-08 18:17 - 2013-11-08 18:16 - 35060384 _____ (Skype Technologies S.A.) C:\Users\romanoff\Downloads\SkypeSetupFull6.10.60.104.exe
2013-11-08 18:06 - 2013-09-14 20:47 - 00001278 _____ C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-11-08 18:06 - 2013-03-03 14:48 - 00002021 _____ C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2013-11-08 18:06 - 2013-02-28 19:16 - 00001438 _____ C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-08 17:59 - 2013-11-08 17:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-08 17:59 - 2013-02-28 19:16 - 00000000 ___RD C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-08 17:57 - 2013-11-08 17:49 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Systweak
2013-11-08 17:50 - 2013-11-08 17:50 - 00002678 _____ C:\Windows\System32\Tasks\UpdaterEX
2013-11-08 17:50 - 2013-11-08 17:50 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\UpdaterEX
2013-11-08 17:49 - 2013-11-08 17:49 - 00003928 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-11-08 17:49 - 2013-11-08 17:49 - 00003692 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\Users\romanoff\AppData\Local\BonanzaDealsLive
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-08 17:49 - 2013-11-08 17:49 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-08 17:48 - 2013-11-08 17:48 - 20586496 _____ C:\Users\romanoff\Downloads\SkypeSetup [1].exe
2013-11-08 17:48 - 2013-11-08 17:48 - 00003392 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-11-08 17:48 - 2013-11-08 17:48 - 00000000 ____D C:\Users\romanoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-08 17:48 - 2013-11-08 17:48 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-08 17:47 - 2013-11-08 17:47 - 00683016 _____ C:\Users\romanoff\Downloads\SkypeSetup.exe
2013-11-08 17:41 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-05 23:58 - 2013-11-14 01:22 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-14 01:22 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 23:18 - 2013-09-14 17:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-05 23:06 - 2013-11-05 23:06 - 66445312 _____ C:\Windows\system32\config\SOFTWARE.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00208896 _____ C:\Windows\system32\config\DEFAULT.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00057344 _____ C:\Windows\system32\config\SAM.iobit
2013-11-05 23:06 - 2013-11-05 23:06 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2013-11-04 19:39 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-03 18:30 - 2013-10-02 07:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-03 18:27 - 2013-11-03 18:27 - 23549776 _____ (Mozilla) C:\Users\romanoff\Downloads\WEB.DE_Firefox_Setup.exe
2013-10-22 06:43 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\rescache
2013-10-22 01:39 - 2013-10-22 01:39 - 00281248 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-20 16:08 - 2013-10-20 16:08 - 00000000 _____ C:\Users\romanoff\Documents\Neues Textdokument.txt
2013-10-19 18:19 - 2013-08-16 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-10-19 13:33 - 2013-03-04 19:42 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-17 18:03 - 2013-03-13 18:46 - 00000000 ____D C:\Users\romanoff\Documents\Dokumente Privat

Files to move or delete:
====================
C:\Users\romanoff\asc-setup_6.1.9.220.exe
C:\Users\romanoff\Audials_Moviebox-Setup.exe
C:\Users\romanoff\avast_free_73antivirus_setup.exe
C:\Users\romanoff\avg_avct_stb_all_2013_2667_cm10.exe
C:\Users\romanoff\ccsetup400.exe
C:\Users\romanoff\fdminst_3.9.2b1303.exe
C:\Users\romanoff\flashget196en.exe
C:\Users\romanoff\FlashPlayer_V.30823792e.exe
C:\Users\romanoff\FreeYouTubeDownload_3.2.2.419.exe
C:\Users\romanoff\gg-install.exe
C:\Users\romanoff\GoogleDesktop59Setup.exe
C:\Users\romanoff\iTunes64Setup.exe
C:\Users\romanoff\iTunesSetup.exe
C:\Users\romanoff\jre-7u17-windows-x64.exe
C:\Users\romanoff\OrbitDownloader_4.1.1.17.exe
C:\Users\romanoff\Silverlight.exe
C:\Users\romanoff\SoftonicDownloader_dla_nfsdigitalclock03.exe
C:\Users\romanoff\SoftonicDownloader_dla_xclock.exe
C:\Users\romanoff\SoftonicDownloader_fuer_flashget-portable.exe
C:\Users\romanoff\SoftonicDownloader_fuer_flashget.exe
C:\Users\romanoff\SoftonicDownloader_fuer_glary-utilities.exe
C:\Users\romanoff\SoftonicDownloader_fuer_tubehunter-ultra.exe
C:\Users\romanoff\TuneUpUtilities2013_3020de-DE.exe
C:\Users\romanoff\VDownloader.exe.exe
C:\Users\romanoff\VDownloaderInstaller.exe
C:\Users\romanoff\VideoGetInstaller_trial.exe
C:\Users\romanoff\Word_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-09 14:36

==================== End Of Log ============================
         
--- --- ---


2. Addition - Editor

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by romanoff at 2013-11-14 16:07:20
Running from C:\Users\romanoff\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AbiWord 2.8.6 (x32 Version: 2.8.6)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Advanced SystemCare 6 (x32 Version: 6.4)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0806.1156.19437)
AMD Quick Stream (Version: 3.3.26.0)
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437)
Analogy Screen Saver (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
CCleaner (Version: 4.02)
CyberLink LabelPrint (x32 Version: 2.5.2.5712)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.4.5527)
D3DX10 (x32 Version: 15.4.2368.0902)
Delta toolbar   (x32 Version: 1.8.16.16)
Desktop Icon für Amazon (Version: 1.0.1 (de))
Digital Clock Screen Saver (x32 Version: v1.0)
DomaIQ (x32)
DROPCLOCK Screensaver (x32)
Energy Star (Version: 1.0.8)
Extended Update (HKCU)
FlashPlayer (x32 Version: 1.6.8)
Free YouTube Download version 3.2.2.419 (x32 Version: 3.2.2.419)
G-Filter (HKCU)
Glary Utilities 2.56.0.1822 (x32 Version: 2.56.0.1822)
Google Desktop (x32 Version: 5.9.0906.04286)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.3)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.10.1)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.6.1)
Iminent (x32 Version: 6.14.22.0)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
K-Lite Codec Pack 9.9.0 (Full) (x32 Version: 9.9.0)
loadtbs-3.0 (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
NewFreeScreensaver nfsClock16 (x32)
NewFreeScreensaver nfsClockSpeed02 (x32)
Nokia Connectivity Cable Driver (x32 Version: 7.1.172.0)
Nokia Suite (x32 Version: 3.8.30.0)
Nuclear Coffee - VideoGet (x32 Version: 2012)
Opera 12.16 (x32 Version: 12.16.1860)
PC Connectivity Solution (x32 Version: 12.0.109.0)
Ralink Bluetooth Stack64 (Version: 9.0.715.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Realtek PCIE Card Reader (x32 Version: 6.2.9200.29040)
Skype™ 6.10 (x32 Version: 6.10.104)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.10.12)
TubeHunter_DE Toolbar (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Wajam (x32 Version: 1.98)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)
Wsys Control 10.2.1.2652 (x32 Version: 10.2.1.2652)
Yontoo 2.053 (Version: 2.053)

==================== Restore Points  =========================

19-10-2013 12:31:38 Windows Update
01-11-2013 00:10:56 Removed IObit Apps Toolbar v8.1.
05-11-2013 22:09:41 Windows Modules Installer
08-11-2013 16:53:22 RegClean Pro Fr, Nov 08, 13  17:53
08-11-2013 17:31:13 Removed Skype™ 6.10
13-11-2013 12:47:14 Windows Update
13-11-2013 22:11:23 Removed Google Drive
13-11-2013 22:21:20 Installed 7-Zip 9.20 (x64 edition)

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0704081C-3B5F-470A-B448-9A0553F3ED6D} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {2737A449-FA0E-419F-97CC-506667173355} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-08] (BonanzaDeals)
Task: {32E53270-0EAF-49BC-94DD-215BAC3C7C15} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {4810B636-6906-469C-8224-FF4235C4B241} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {4BFDBC81-1AD4-43B9-98A1-D5A1182CA53B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5A67B1D8-3DBA-4609-BB2C-145DC39C52A6} - System32\Tasks\EPUpdater => C:\Users\romanoff\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {65012A2D-782F-4332-894B-797CBD8DA001} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {7AD44E2C-E59A-41A4-B639-157553665E5D} - System32\Tasks\SpeedyPC Pro => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2013-03-05] (SpeedyPC Software, Inc.)
Task: {7B2032C0-63BA-48A3-9830-21150B8AB150} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {85EC3417-B2EF-4704-BDE4-8D477F1EAD0F} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {87004B61-B9D9-4B37-9D30-101DABD5767D} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-08] (BonanzaDeals)
Task: {9083C227-36EF-4AA1-AD8B-497DB5367317} - System32\Tasks\HPCeeScheduleForromanoff => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {96E3D1E0-E1CC-4A6A-BC1C-A6B98F3B540C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {992B5DC5-1A29-4CDE-97EA-018BC0B0050A} - System32\Tasks\UpdaterEX => C:\Users\romanoff\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {A32EE65B-E744-4420-8FDD-49A234A09C10} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {B8BBBC2D-5763-4EA8-86C5-46B15C3F0328} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BC608879-B7F4-4CE4-92C3-8B478D3D8996} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {BD358074-8D70-4D23-AC1D-CD6CAB530CEE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {D2B4C08A-8F94-4546-97EB-15ABEF3635D2} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-08-10] (IObit)
Task: {D56C7676-14A1-4A99-A339-240DD63B233A} - System32\Tasks\MySearchDial => C:\Users\romanoff\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe
Task: {F7BCC183-6018-40F6-A943-54DF58547FA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\HPCeeScheduleForromanoff.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\romanoff\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\romanoff\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-10-13 16:49 - 2013-01-15 17:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
2013-11-14 12:43 - 2013-11-14 11:25 - 02233344 _____ () C:\Program Files\AVAST Software\Avast\defs\13111400\algo.dll
2013-10-13 16:49 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-10-13 16:49 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-10-13 16:49 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2013-10-13 16:49 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-10 18:09 - 2012-07-10 18:09 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-07-10 18:11 - 2012-07-10 18:11 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-08-10 10:55 - 2012-08-10 10:55 - 00323648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2012-05-02 17:28 - 2012-05-02 17:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-03-09 11:44 - 2013-03-09 11:44 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2013-05-21 17:50 - 2013-11-14 13:33 - 00013600 _____ () C:\Users\romanoff\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
2013-11-03 18:29 - 2013-10-26 02:53 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654

Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654

Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1606

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1606

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1653

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1653

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 10:27:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1623


System errors:
=============
Error: (11/14/2013 01:54:19 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 01:54:18 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 01:54:12 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 01:54:11 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 01:31:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error: (11/14/2013 01:30:25 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (11/14/2013 00:54:18 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 00:54:17 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 00:54:11 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (11/14/2013 00:54:11 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654

Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654

Error: (11/14/2013 03:10:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1606

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1606

Error: (11/14/2013 02:29:18 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1653

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1653

Error: (11/14/2013 11:36:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2013 10:27:26 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1623


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 3682.26 MB
Available physical RAM: 2479.77 MB
Total Pagefile: 4322.26 MB
Available Pagefile: 3080.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.82 GB) (Free:389.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.18 GB) (Free:1.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 37DACB8A)

Partition: GPT Partition Type
==================== End Of Log ============================
         
--- --- ---


Dear schrauber,

About 30 minutes ago I uninstalled the 7zip program that I downloaded yesterday. Since then I have not received any more avast! messages. If anything changes, I will let you know immediately.

Thank you very much for your help and willingness!
__________________

Alt 15.11.2013, 18:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
